Saturday 26 January 2008
By ArnY on Saturday 26 January 2008, 11:08 - spam
From SecuriTeam:
For those not familiar with RBL, the term means Real-time Blackhole List, it
is mainly used for SPAM fighting. I have recently started playing around with
Google as an RBL engine, the idea is that if the search term I use hits too
many hits it is likely to be SPAM.
This is actually interesting. I've been googling URLs found in spam for a
little while now, but those kinds of searches never return tons of pages. They
do return a few of them, and most of the time they are security-related sites.
This "Google RBL" could be pretty useful coupled with a list of trusted
security sites. If the search returns a few URLs from those sites, then the
mail is likely to be spam or malware-related. What about a mail with
"http://securityfocus.com" in the body? Uhuh... definitely not bulletproof! So
better stick to the IP of the sender and just count the number of hits returned
by Google.
from securiteam
Saturday 15 September 2007
By ArnY on Saturday 15 September 2007, 19:45 - spam
We decided to activate the greylisting antispam solution for all our mailboxes
at work. Here is how it shows on our graphs:

Tuesday 7 August 2007
By ArnY on Tuesday 7 August 2007, 18:19 - spam
Christopher Smith, the notorious "pharmacy spam king," has received a
30-year jail sentence for running an illegal internet store that sold
millions of dollars in prescription drugs.
via Secure Computing Magazine
Saturday 3 March 2007
By ArnY on Saturday 3 March 2007, 19:56 - spam
Here at work, we are averaging 66% spam, which means that most of our
users get twice as much spam as regular mail. I know some users who even gave
up on email because they were getting 90% spam. We use SpamAssassin and
CRM114, so we tag every detected mail (we aren't allowed to delete mails, even
if SpamAssassin scores one at 1000, for security reasons). Still, users like to
complain that they get too much spam.
Anyway, we decided it was time to test greylisting to try to reduce the
amount of pollution in users' mailboxes.
Friday 12 January 2007
By ArnY on Friday 12 January 2007, 18:15 - spam
A good way to prevent your main email address from being spammed is not
using it when creating web accounts or subscribing to websites. Managing
different email accounts isn't trivial, and dropping a free account when it
starts being spammed to open another one in the next minute isn't really
useful either.
What you really need is a temporary email address you can use to prove
you're not a robot. One you can throw away as soon as you have used it. That's
what disposable email services are for.
Wednesday 27 December 2006
By ArnY on Wednesday 27 December 2006, 20:10 - spam
ordb.org was one of the rare open-relay RBLs (Realtime Blackhole Lists) that
would actually perform a check on the servers before blacklisting them. You
could always remove your servers after correcting the problem, since ordb would
also perform a check before removing a server from its RBLs. It was my favorite
RBL and it's shutting down:
Thursday 7 December 2006
By ArnY on Thursday 7 December 2006, 09:16 - spam
Brad Stone from The New York Times writes about the new surge of spam:
You’re not the only one. Spam is back — in e-mail in-boxes and on everyone’s
minds. In the last six months, the problem has gotten measurably worse.
Worldwide spam volumes have doubled from last year, according to Ironport, a
spam filtering firm, and unsolicited junk mail now accounts for more than 9 of
every 10 e-mail messages sent over the Internet.
Much of that flood is made up of a nettlesome new breed of junk e-mail
called image spam, in which the words of the advertisement are part of a
picture, often fooling traditional spam detectors that look for telltale
phrases. Image spam increased fourfold from last year and now represents 25 to
45 percent of all junk e-mail, depending on the day, Ironport says.
Saturday 2 December 2006
By ArnY on Saturday 2 December 2006, 19:13 - spam
Spamhaus is a well-known organisation tracking spam and
spammers. It offers services like the Spamhaus Block List and the Exploits
Block List, which are both realtime block lists to be used with your mail
servers. Spamhaus also tracks spammers and publishes data about them:
For example, the worst spammer today is a Ukrainian citizen named Alex
Polyakov also known as Alex Blood, Alexander Mosh, etc. (Alex Polyakov is the
big Soviet spy character in John le Carré's spy novel "Tinker, Tailor, Soldier,
Spy.").
Sunday 26 November 2006
By ArnY on Sunday 26 November 2006, 14:07 - spam
The most common (and useless?) trick used by spammers to fool users is the
fake reply method. By adding "Re: <something>" in the subject, spammers
assume that the victim will believe it's a reply to one of their mails.
Unfortunately for them, the SMTP RFC (RFC 822) offers optional and commonly
used headers for defining a reply, and SpamAssassin can be used to detect when
those headers are missing.
Thursday 16 November 2006
By ArnY on Thursday 16 November 2006, 20:12 - spam
Spammers spam and I make a living stopping spam (well, that's not the only
thing I do) and I do it well. At work we use a combination of SpamAssassin and
CRM114. That's a combination of two different antispam mechanisms:
This system isn't perfect but gives pretty good results: 99.6% of the spam
that was sent to my addresses was detected. But that was before they started
using poisoning methods and captcha images...